{"title":"自适应过程感知信息系统中的安全策略:现有的方法和挑战","authors":"Maria Leitner","doi":"10.1109/ARES.2011.107","DOIUrl":null,"url":null,"abstract":"Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.","PeriodicalId":254443,"journal":{"name":"2011 Sixth International Conference on Availability, Reliability and Security","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges\",\"authors\":\"Maria Leitner\",\"doi\":\"10.1109/ARES.2011.107\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.\",\"PeriodicalId\":254443,\"journal\":{\"name\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2011.107\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2011.107","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges
Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
